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^^bvComputing apparatus comprising mouffted on an assembly main processing means and 
5 main memory means, each beirjg^nnected for communication with one or more other 
components on the assemble 

characterisedt>/Turther comprising a trusted device mounted on the assembly and 
being connectefHor communications with one or more other components on the assembly, 
the trustgdaevice being arranged to acquire a true value of an integrity metric of the 
1 0 cpm^ting apparatus. 



^_ 2. Computing apparatus according to claim 1, wherein the trusted device comprises device 
1,0 memory means and means for instructing the main processing means to determine the 

= ^ integrity metric and return the integrity metric for storage in the device memory means. 
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3. Computing apparatus according to claim 2, wherein the means for instructing the main 
processing means comprises, stored in the device memory means, program code native to 
the main processing means, and the tmsted device is arranged to transfer the instructions of 
the program code to the main processing means. 
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4. Computing apparatus according to claim 3, wherein the/^Slatform is arranged to cause the 
instructions to be the first instructions executed after rel^se from reset. 

5. Computing apparatus according to claim 2ior claim 4, wherein the trusted device is 
25 arranged to transfer the instructions to the/fiain processing means in response to memory 

read signals from the main processing ra^ns. 

6. Computing apparatus accordiffg to any one of claims 1 to 5, wherein the trusted device 
comprises device memory me^s and Is arranged to monitor the data bus means and store 

30 in the device memory meapfe a flag in the event the first memory read signals generated by 
the main processing means after the computing apparatus is released from reset are 
addressed to the trusted device. 
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7. Computing apparatus according to^my one of claims 1 to 6. wherein the trusted device 
has stored in device memory m^afis at least one of: 

a unique identitvpHne trusted device; 

an authentjpafed integrity metric generated by a trusted party; and 

R =^f;Q.>,^ 

8. Computing apparatus according to claim 7, wherein the trusted device has stored in 
device memory means a secret comprising a private asymmetric encryption key. 



10 9. Computing apparatus according to claim 8, wherein the trusted device also has stored in 
device memory means a respective public encryption key that has been signed by a trusted 
party. 
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10. Computing apparatus according^ claim 8 or claim 9, wherein the trusted device has 
15 stored in device memory nri|arrs an authenticated integrity metric generated by a trusted 
party and includes appitSryption function, the trusted device being arranged to generate a 
response to a reelived challenge, the response comprising an acquired integrity metric and 
the autheptlcated integrity metric, both signed by the encryption function using the private 
asypRtfietric encryption key. 
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11. A trusted ( 
precedirjg^laim^ 



configured for use in computing apparatus according to any one of the 
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12. A method of operating a system conTpfTsing trusted computing apparatus and a user, 
le trusted computing apparatus incorporating a trusted device being arranged to acquire 
the true value of an integrity metrjp^f the computing apparatus, the method comprising the 
steps of: 

the trusted devip^acquiring the true value of the integrity metric of the trusted 
computing apparatus 

the user/^nerating a challenge for the trusted computing apparatus to prove its 
integrity and^bmitting the challenge to the trusted computing apparatus; 

the trusted computing apparatus receiving the challenge, and the trusted device 
genep^ting a response including the integrity metric and returning the response to the user; 
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the user receiving tlTe/esponse, extracting the integrity metric from the response and 
comparing the integrit^/metric with an authenticated metric for the trusted computing 
apparatus that hadja^n generated by a trusted party. 



5 13. A method according to claim 12, wherein the challenge includes a nonce, the response 
includes the integrity metric and the nonce, both digitally signed by the trusted device using a 
information security algorithm, and the user verifies the integrity metric and the nonce using 
a respective Information security algorithm. 



10 14. A method according to claim 13, wherein the trusted device uses a private encryption 
key to sign the integrity metric and the nonce, and the user uses the respective public 
encryption key to verify the integrity metric and the nonce. 

15. A method according to claim 14, wherein the response includes a certificate held by the 
'■^ 15 trusted device, which certificate has been digitally signed by a trusted party using a private 
encryption key of the trusted party, the certificate including the public encryption key of the 
trusted device, and the user verifies the certificate using the public encryption key of the 
trusted party and uses the public encryption key from the certificate to verify the integrity 
metric and the nonce. 
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W A" method of establishing a communications channel in a system between trusted 
computing apparatus and remote computing apparatus, the method including the step of the 
remote computing apparatus verifying the integrity of the trusted computing apparatus using 
the method according to any one of claimg 12 to 15, and maintaining the communications 
25 channel for further transactions in the evf&nt the integrity of the trusted computing apparatus 
is successfully verified by the remote c^puting apparatus. 

A method of verifying that tru^ed computing apparatus is trustworthy for use by a user 
for processing a particular applioation, the method including the step of the user verifying the 
30 integrity of the trusted computing apparatus using the method according to any one of claims 
12 to 15, and the user using the tnjsted computing apparatus to process the particular 
application in the event Ja\e integrity of the trusted computing apparatus is successfully 
verified by the remote qomputing apparatus^ ^_ 
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18. Trusted computing apparatus adapted for us^in accordance with the method of any one 
of claims 1 2 to 1 7. 



19. Remote computing apparatus arranged forlLise in accordance with claim 16. 



20. A trusted device arranged for usi 



in accoijbance with any one of claims 12 to 17. 



21. Computing apparatus configured to receive a trusted device as claimed in claim 11. 
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